CPSC 6126 – Information System Assurance

CPSC 6126 – Information System Assurance
Fall/2011
Instructor
Dr. Jianhua Yang
Center for Commerce and Technology 440
(706) 507–8180
e–mail: yang_jianhua@ColumbusState.edu
website: http://csc.colstate.edu/yang
Office Hours: TBA
Class Meetings
Online Teaching and Learning through WebCT
Course Prerequisites: CPSC 5157G or CPSC 5157U, or equivalent
Textbook
M. Whitman, H. J. Mattord, “Principles of Information Security (4 th edition)”, Course
Technology, Cengage Learning, 2011. ISBN-13:978-1-111-13821-9. ISBN-10: 1-111-
13821-4.
Other Required Materials
1. Internet access to CougarView and Tegrity.
2. “Jing” software to take snapshots for your hands-on labs (or similar software to take
snapshot)
3. A computer at least with the following configuration:
a. Windows 7/XP/Vista operating system
b. 2G memory
c. 40G free space in the hard drive
d. Ethernet network interface card
e. CD-ROM/DVD
Additional textbooks and References
1. M. Goodrich and R. Tamassia, “Introduction to computer security”, 2011,
Addison Wesley.ISBN-13: 978-0-321-51294-9.
2. Charles Pfleeger and Shari Lawrence Pfleeger, Security in Computing (the 4 th
edition).
Course Description
This course focuses on the protection of information systems against unauthorized access
to or modification of information whether in storage, processing or transit, and against
the denial of service to authorized users, including those measures necessary to detect,
document, and counter such threats. This course creates sensitivity to the threats and
vulnerabilities of information systems, recognition of the need and means to protect data

and information, and builds a working knowledge of principles and practices in
information security. Prerequisite: CPSC 5157 or equivalent
Course Topics
1. Introduction to information security
2. The need for security
3. Legal, ethical, and professional issues in Information Security
4. Risk management
5. Planning for security
6. Firewalls and VPNs
7. Intrusion detection and prevention system, and other security tools
8. Cryptography
9. Physical security
10. Implementing information security
11. Security and personnel
12. Information security maintenance
Learning Outcome
1. Students will, upon completion of this course, have a broad understanding and
knowledge skills in computer security and information assurance.
a. Students will have a conceptual understanding and practical experience in
information system assurance;
b. Students will have a strong foundation in virtual machine;
c. Students will have a strong understanding of at least two operating system
and reasonable experience with at least one more operating system;
d. Students will have a conceptual and fundamental understanding of computer
organization, database management, operating system and software
engineering;
e. Students will have a strong foundation in design, analysis and complexity
evaluation of security system;
f. Students will have practical experience in protecting computer system and
preventing attacks.
2. Students will have courses that focus on in depth understanding of selected areas of
computer science.
3. Students will have reasonable experience in the design and implementation of a large
security system.
4. Students will be able to communicate effectively both orally and in written reports.
5. Students will have the knowledge and skills to pursue careers in industry and/or
higher education degree programs.
6. Students will be able to integrate their knowledge and skills into evolving
technologies in computer science.
Learning Objectives
At the completion of this course students will be able to:
1. Understand the major issues of information assurance.
2. Identify threats and vulnerabilities to information systems.

3. Identify data, computer and network exploits.
4. Identify ways to secure data, computers and networks.
5. Understand the use of encryption.
6. Understand the economics of Cybersecurity.
7. Understand the privacy aspects of security.
8. Be aware of the legal and ethical issues of securing information systems.
Course Methods
• Readings. Students will read the textbook and other supplemental materials such as PPT slides and
handouts.
• Assignments. There will be 6 online assignments. Assignments build upon the concepts covered in the
textbook and may involve hands-on work. Assignment submissions are via CougarView only. Email
submission is not accepted. Only the 5 best are considered toward the assignment total. Assignment
deadlines are not flexible for any reason. I understand that sometimes delays are unavoidable; hence,
provision has already been made for the worst grade to be dropped. Late assignments are not accepted
for credit.
• Hands-on labs. There will be 8 hands-on exercises. You must meet the requirements for each hands-on
lab. Download the software needed for each lab, and follow the instructions to finish the lab and
answer the questions at the end of each lab. If snapshots are needed, please take the required snapshots
when you conduct the hands-on lab and submit them through your lab report. Each hands-on lab report
has a deadline set up. The deadlines are not flexible for any reason. Email submission is not
accepted. Most software for the labs are available at the Internet. You can also download them from
“My Download Center” at CougarView.
• Exams. There will be 12 online tests, one final exam hosted at CougarView as shown in the course
schedule. Students need to finish the tests and final exam online. You have two tries for each online
tests, one try for the final exam. All the tests and exam will be open textbook with time limit, so that a
proctor will not be required. The deadline for each online test and final exam is strictly enforced.
Nobody can make up the tests and final exam if you miss the deadline without reasonable reason. “My
computer is crashed, or I do not have Internet access, or my system got stuck, or the CougarView is not
accessible, or I did the test but forgot to submit, or during doing the test, my system is crashed” are not
the excuses to make up the test.
• You Must Know. This course will cover some techniques for attacking purpose. Nobody can use the
techniques to attack or crash other systems. You must be responsible for your activities.
Student Responsibilities
1. Managing your time and maintaining the discipline required to meet course
requirements.
2. Covering all assigned readings in a timely manner.
3. Completing all assignments, hands-on labs, online tests and final exam.
4. Chapter assignments and hands-on lab reports:
o All assignments and reports must be typed not hand-written and must be
submitted in one word/pdf format file. Each assignment or lab report must
be named in the following format:
1) LastName_FirstName_Assignment xx
2) LastName_FirstName_Report_Lab xx
o Assignments and hands-on labs are due exactly at the prescribed time. No
late submission is accepted.
o Submit the softcopy of the assignments through your CougarView account.

o Any questions or complaints regarding the grading of an assignment or
test or hands-on lab reports must be raised within one week after the score
or the graded assignment is made available.
5. Providing answers for any examination when not specifically authorized by the
instructor to do so, or, informing any person or persons of the contents of any
examination prior to the time the examination is given is considered cheating.
6. Penalty for cheating will be extremely severe. Use your best judgment. If you are
not sure about certain activities, consult the instructor. Standard academic
honesty procedure will be followed for cheating and active cheating
automatically results F in the final grade. Please
http://aa.colstate.edu/advising/a.htm#Academic Dishonesty/Academic
Misconduct for additional information.
7. Pay very careful attention to your email correspondence. It reflects your
communication skills. Avoid use non-standard English such as "how r u" in your
email message. In addition, I recommend you put the class number CPSC 6126
and a brief summary of your question in your email subject. For example,
Subject: CPSC 6126 A question on using Virtual Box.
Instructor Responsibilities
1. Give lectures (CougarView and Tegrity) and demonstration on the course material.
2. Assign appropriate homework that illustrates the concepts of the course, and
grade and return the homework in a timely manner with adequate explanation.
3. Give tests over the material and grade and return the tests in a timely manner
4. Maintain a website that supports the course.
5. Reply promptly (within one business day) to all student e–mail communications.
Methods for Evaluating Students
The evaluation methods include assignments, online tests, hands-on labs, and a final
exam.
Chapter assignments 20%
Online tests 20%
Hands-on labs 30%
Final exam 30%
The Exams: All the tests and final exam are given online and open-book.
Assignment of Letter Grades
The method of assigning letter grades based on overall course averages is fairly standard.
The basic method for assigning grades is described as follows:
Average Letter Grade
90 – 100 A
80 – 89 B
70 – 79 C
60 – 69 D
Below 60 F

Tentative Topic Schedule
Week Topics Assignments Handson
labs
1 (Aug.15-21) Introduction to how to learn
this course (see the Video at
Tegrity)
Online
Tests
2 (Aug.22-28) Ch1: Introduction to
Information Security
3 (Aug. 29-04) Ch2: The need for Security Lab 1 Test 1
4 (Sep. 06-11) Ch3: Legal, Ethical and Assignment1 Test 2
Professional Issues in
Information Security
5 (Sep.12-18) Ch4: Risk Management Test 3
6 (Sep.19-25) Ch5: Planning for Security Assignment 2 Lab 2 Test 4
7 (Sep.26-02) Ch6: Security Technology:
Firewall and VPNs
8 (Oct.03-09) Ch7: Intrusion Detection and
Prevention
Oct.10-11 Fall beak
9 (Oct.12-16) Ch7: Other Security Tools Assignment 3
Test 5
Lab 3 Test 6
10 (Oct.17-23) Ch8: Cryptography Lab 4 Test 7
11 (Oct.24-30) Ch9: Physical Security Assignment 4 Lab 5 Test 8
12 (Oct.31-06) Ch10: Implementing
Lab 6 Test 9
Information Security
13 (Nov.7-13) Ch11: Security and Personnel Assignment 5 Test 10
14(Nov.14-20)
15(Nov.21-27)
Ch12: Information Security
Maintenance
Thanksgiving Holiday break
Lab 7 Test 11
16(Nov.28-05) Assignment 6 Lab 8 Test 12
Dec. 06
Final Exam
Course Assistance
The best way to get in touch with me is by CougarView e–mail.
Dropping the Course
We hope that you will complete the course and profit from it. If it is necessary for you to
withdraw from the course during the semester, you must follow all official CSU
procedures for withdrawing. It is not sufficient to notify the instructor; you must use the
ISIS system and withdraw officially. For details on how to withdraw from a course, see
the web page
http://aa.colstate.edu/advising/w.htm#Withdrawal%20from%20a%20Course.

I would appreciate it if you were first to consult with me before starting the procedure for
withdrawing from the course. In some cases, we can agree on an arrangement that will
allow you to complete the course with minor adjustments.
Academic Honesty
Academic dishonesty includes, but is not limited to, activities such as cheating and
plagiarism (http://aa.colstate.edu/advising/a.htm#Academic Dishonesty/Academic
Misconduct). It is a basis for disciplinary action. Any work turned in for individual credit
must be entirely the work of the student submitting the work. All work must be your own.
You may share ideas but submitting identical assignments (for example) will be
considered cheating. You may discuss the material in the course and help one another
with debugging; however, any work you hand in for a grade must be your own. A simple
way to avoid inadvertent plagiarism is to talk about the assignments, but don't read each
other's work or write solutions together unless otherwise directed. For your own
protection, keep scratch paper and old versions of assignments to establish ownership,
until after the assignment has been graded and returned to you. If you have any questions
about this, please see me immediately. For assignments, access to notes, the course
textbooks, books and other publications is allowed. All work that is not your own,
MUST be properly cited. This includes any material found on the Internet. Stealing or
giving or receiving any code, diagrams, drawings, text or designs from another person
(CSU or non-CSU, including the Internet) is not allowed. Having access to another
person's work on the computer system or giving access to your work to another person is
not allowed. It is your responsibility to keep your work confidential.
No cheating in any form will be tolerated. Penalties for academic dishonesty may include
a zero grade on the assignment or exam/quiz, a failing grade for the course, suspension
from the Computer Science program, and dismissal from the program. All instances of
cheating will be documented in writing with a copy placed in the Department's files.
Students will be expected to discuss the academic misconduct with the faculty member
and the chairperson. For more details see the Faculty Handbook:
http://aa.colstate.edu/faculty/FacHandbook0203/sec100.htm#109.14 and the Student
Handbook: http://sa.colstate.edu/handbook/handbook2003.pdf
ADA Accommodation Notice
If you have a documented disability as described by the Rehabilitation Act of 1973
(P.L. 933-112 Section 504) and the Americans with Disability Act (ADA) that may
require you to need assistance attaining accessibility to instructional content to meet
course requirements, we recommend that you contact the Center for Academic Support in
Tucker Hall, room 100 or at (706)568-2330, as soon as possible. It is then your
responsibility to contact and meet with the instructor. It is also your responsibility
to present the instructor with a letter from the Center for Academic Support.
Without this letter detailing the required accommodations, the instructor cannot
help you. The Center for Academic Support can assist you and the instructor in
formulating a reasonable accommodation plan and provide support in developing
appropriate accommodations for your disability. Course requirements will not be waived
but accommodations may be made to assist you to meet the requirements. Technical
support may also be available to meet your specific need. For more information on
services and support available, refer to http://uc.colstate.edu/disability_services.htm.